February 2018 Authorize.net is disabling TLS 1.0 and TLS 1.1 connections to their API in order to remain/become PCI-compliant. TLS is a protocol used to transport information securely over the internet. It is utilized in the Payment Gateway when connecting to Authorize.net via HTTPS in order to pass credit card information and receive transaction responses. This matters to AC7 merchants because the software runs on ASP.net 2.0 which does not support TLS 1.2.

To see if this will be an issue for you, create a .aspx page on your site with the following code:

This script connects to SSL Labs via HTTPS on the server side to determine which protocols are enabled. SSL2 and SSL3 have been defunct for a while now. TLS 1.0 and TLS 1.1 are what will be affected by the Authorize.net change. If TLS 1.2 returns false, you will have an issue.

Fortunately, we were using a fully patched Windows Server 2012 and have .Net 4.5+ installed. So the work around wasn't that painful. We added the following code to Global.asax to enable TLS 1.2, and left TLS 1.1 and TLS 1.0 enabled in case it is required by other web services we utilize that aren't affected by PCI: